CVE-2019-11856

LOW

ALEOS <4.13.0, <4.9.5, <4.4.9 - Replay Attack

Title source: llm

Description

A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.

References (1)

[Vendor Advisory] https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/

Scores

CVSS v3 3.3

EPSS 0.0002

EPSS Percentile 5.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

Details

CWE

CWE-294

Status published

Products (1)

sierrawireless/aleos < 4.12.0

Published Aug 21, 2020

Tracked Since Feb 18, 2026